Modified to use MSVSphere Secure Boot certificates

i9-beta changed/i9-beta/grub2-2.06-70.el9_3.1.inferit
Sergey Cherevko 1 year ago
parent 051644c306
commit ef7e749eee
Signed by: scherevko
GPG Key ID: D87CBBC16D2E4A72

@ -1,3 +1,4 @@
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/ grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/
grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com grub.rh,2,Red Hat,grub2,@@RHEL_VERSION_RELEASE@@,mailto:secalert@redhat.com
grub.msvsphere,2,MSVSphere,grub2,@@VERSION_RELEASE@@,mailto:security@msvsphere-os.ru

@ -1,3 +1,6 @@
%global efi_vendor msvsphere
%global efidir msvsphere
%global efi_esp_dir /boot/efi/EFI/%{efidir}
# This package calls binutils components directly and would need to pass # This package calls binutils components directly and would need to pass
# in flags to enable the LTO plugins # in flags to enable the LTO plugins
# Disable LTO # Disable LTO
@ -16,7 +19,7 @@
Name: grub2 Name: grub2
Epoch: 1 Epoch: 1
Version: 2.06 Version: 2.06
Release: 70%{?dist}.1 Release: 70%{?dist}.1.inferit
Summary: Bootloader with support for Linux, Multiboot and more Summary: Bootloader with support for Linux, Multiboot and more
License: GPLv3+ License: GPLv3+
URL: http://www.gnu.org/software/grub/ URL: http://www.gnu.org/software/grub/
@ -37,25 +40,9 @@ Source12: sbat.csv.in
%include %{SOURCE1} %include %{SOURCE1}
%ifarch x86_64 aarch64 ppc64le
%define sb_ca %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer %define sb_ca %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
%define sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer %define sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer
%endif %define sb_key spheresecureboot001
%if 0%{?centos}
%ifarch x86_64 aarch64 ppc64le
%define sb_key centossecureboot202
%endif
%else
%ifarch x86_64 aarch64
%define sb_key redhatsecureboot502
%endif
%ifarch ppc64le
%define sb_key redhatsecureboot702
%endif
%endif
BuildRequires: gcc efi-srpm-macros BuildRequires: gcc efi-srpm-macros
@ -97,6 +84,9 @@ variety of kernel formats, file systems, computer architectures and \
hardware devices.\ hardware devices.\
%{nil} %{nil}
# MSVSphere: keep upstream EVR for RHEL SBAT entry
%define rhel_version_release $(echo %{version}-%{release} | sed 's/\.inferit.*//')
# generate with do-rebase # generate with do-rebase
%include %{SOURCE11} %include %{SOURCE11}
@ -189,7 +179,7 @@ This subpackage provides the GRUB user-space emulation modules.
mkdir grub-%{grubefiarch}-%{tarversion} mkdir grub-%{grubefiarch}-%{tarversion}
grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grubefiarch}-%{tarversion}/.gitignore grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grubefiarch}-%{tarversion}/.gitignore
cp %{SOURCE4} grub-%{grubefiarch}-%{tarversion}/unifont.pcf.gz cp %{SOURCE4} grub-%{grubefiarch}-%{tarversion}/unifont.pcf.gz
sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" \ sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" -e "s,@@RHEL_VERSION_RELEASE@@,%{rhel_version_release},g" \
%{SOURCE12} > grub-%{grubefiarch}-%{tarversion}/sbat.csv %{SOURCE12} > grub-%{grubefiarch}-%{tarversion}/sbat.csv
git add grub-%{grubefiarch}-%{tarversion} git add grub-%{grubefiarch}-%{tarversion}
%endif %endif
@ -533,6 +523,11 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
%endif %endif
%changelog %changelog
* Thu Oct 12 2023 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 2.06-70.el9_3.1.inferit
- Modified to use MSVSphere Secure Boot certificates
(changes from Eugene Zamriy <ezamriy@msvsphere-os.ru> have been applied)
- Rebuilt for MSVSphere 9.3
* Thu Sep 7 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.06-70.el9_3.1 * Thu Sep 7 2023 Nicolas Frayer <nfrayer@redhat.com> - 2.06-70.el9_3.1
- Bump spec release version - Bump spec release version
- Related: #2203203 - Related: #2203203

Loading…
Cancel
Save